13804 matches found
CVE-2025-21997
CVE-2025-21997 : In the Linux kernel, a fix in the XDP socket (xsk) path addresses an integer overflow in xp_create_and_assign_umem(). Because i and pool->chunk_size are both 32‑bit values, their product can wrap before it is widened to 64 bits, so two distinct XDP buffers may end up pointing to the ...
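The wrap described above is easy to reproduce in user space. The block below is an added example, not code from the kernel or the advisory: it models the buffer-address computation as "base + i * chunk_size", with the chunk size of 4096 and the indices chosen here as constructed test input, and contrasts the 32‑bit product with the widened form.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Model of the per-buffer address computation in a chunked UMEM:
 * buffer i lives at base + i * chunk_size. The index and chunk size are
 * 32-bit, as in the vulnerable code. (Constructed model, not kernel code.) */

/* Vulnerable form: the product is computed in 32 bits and wraps at 2^32,
 * and only then is the result widened to 64 bits. */
static uint64_t buf_addr_wrapping(uint64_t base, uint32_t i, uint32_t chunk_size)
{
    uint32_t off = i * chunk_size;      /* unsigned 32-bit multiply: wraps */
    return base + off;
}

/* Fixed form: widen one operand first so the multiply happens in 64 bits. */
static uint64_t buf_addr_fixed(uint64_t base, uint32_t i, uint32_t chunk_size)
{
    return base + (uint64_t)i * chunk_size;
}

/* True if two distinct indices resolve to the same address under the
 * given address function, i.e. two buffers alias the same memory. */
static bool aliases(uint64_t (*addr)(uint64_t, uint32_t, uint32_t),
                    uint64_t base, uint32_t chunk_size, uint32_t a, uint32_t b)
{
    return a != b && addr(base, a, chunk_size) == addr(base, b, chunk_size);
}

/* Smallest non-zero index whose 32-bit offset collides with index 0,
 * i.e. 2^32 / chunk_size when chunk_size is a power of two that divides
 * 2^32; returns 0 when no such index exists in 32-bit range. */
static uint32_t first_alias_of_zero(uint32_t chunk_size)
{
    if (chunk_size == 0)
        return 0;
    uint64_t n = (1ULL << 32) / chunk_size;
    if (n == 0 || n > UINT32_MAX || n * chunk_size != (1ULL << 32))
        return 0;
    return (uint32_t)n;
}

int main(void)
{
    const uint64_t base = 0x7f0000000000ULL;   /* constructed base address */
    const uint32_t chunk = 4096;
    uint32_t twin = first_alias_of_zero(chunk); /* 1048576 for 4 KiB chunks */

    printf("index %u collides with index 0 under 32-bit math: %s\n", twin,
           aliases(buf_addr_wrapping, base, chunk, 0, twin) ? "yes" : "no");
    printf("same pair under 64-bit math: %s\n",
           aliases(buf_addr_fixed, base, chunk, 0, twin) ? "yes" : "no");
    return 0;
}
```

Checking the widened form is the whole fix: once the multiply is done in 64 bits, index 1048576 lands at base + 4 GiB instead of back on top of buffer 0.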
CVE-2024-50234
CVE-2024-50234 : A Linux kernel vulnerability affecting the Wi‑Fi stack in the iwl4965/iwlegacy path, where on resume from hibernation a stale interrupt could be re-enabled, causing a race between resume startup and queued shutdown work and potentially a system hang. The fix, implemented in the kernel...
CVE-2024-53066
CVE-2024-53066 concerns a Linux kernel issue where a KMSAN warning could arise from decoding NFS attributes. The warning is an uninitialized value in decode_getfattr_attrs() triggered during attribute decoding, linked to the field mdsthreshold in fattr not being initialized before it is used by d...
CVE-2024-53139
The CVE-2024-53139 entry concerns the Linux kernel SCTP stack. A fix for a possible use-after-free in sctp_v6_available() is described, prompted by a lockdep warning showing sctp_v6_available() calling dev_get_by_index_rcu() and ipv6_chk_addr() without holding RCU. The description notes a stack t...
CVE-2024-53208
CVE-2024-53208 is a slab-use-after-free in Bluetooth MGMT set_powered_sync in the Linux kernel. Notes in the Miracle/SUSE advisories confirm the issue and list it among the fixed items in kernel live patches for SLES 15 SPx. Remediation: upgrade/apply the kernel live patch referenced in SUSE/SO...
CVE-2024-56619
CVE-2024-56619 — Linux kernel nilfs2. A potential out-of-bounds memory access in nilfs_find_entry() when an inode’s i_size is large or corrupted. Root cause: the upper 32 bits of i_size were lost because of the type of a local variable, causing an underflow in the end-address calculation. Fix: replace the offending local v...
CVE-2025-21658
Technical details beyond the summary are not provided in the supplied documents; no affected products, versions, or fixes are enumerated here. Monitor for updates.
CVE-2025-21887
In CVE-2025-21887, the Linux kernel overlayfs (ovl) had a use-after-free in ovl_dentry_remote/ovl_dentry_update_reval caused by calling dput(upper) before upper is no longer safe to use; the fix moves dput(upper) to after its final use in ovl_link_up, preventing the UAF. The issue is addressed in...
CVE-2025-37738
CVE-2025-37738 describes a Linux kernel ext4 vulnerability: ext4_xattr_inode_dec_ref_all may read past the end of the buffer while processing xattrs, leading to a slab-use-after-free as reported by KASAN. The fix makes the ext4 xattr handling ignore xattr entries beyond the end, preventing ...
CVE-1999-0513
CVE-1999-0513 describes a vulnerability where ICMP messages to broadcast addresses are allowed, enabling a Smurf attack that can cause a denial of service. The primary sources (NVD, Red Hat, and CVE listings) consistently state that the issue involves ICMP traffic to broadcast addresses, resultin...
CVE-2014-9585
CVE-2014-9585 affects Linux kernels up to 3.18.2. The vdso_addr code in arch/x86/vdso/vma.c can misselect vDSO memory, enabling local users to bypass ASLR by guessing a PMD-end location. Exploitation details and patches/fixes are not provided in the connected documents; monitor advisories for rem...
CVE-2015-0571
CVE-2015-0571 is a local privilege-escalation in the WLAN driver for the Linux kernel as used in Qualcomm QuIC Android contributions (MSM devices and related products). The issue arises from the driver’s lack of authorization checks for private SET IOCTL calls, allowing a crafted application to g...
CVE-2016-7914
The CVE-2016-7914 issue affects the Linux kernel prior to 4.5.3. The vulnerable component is assoc_array_insert_into_terminal_node in lib/assoc_array.c, which does not verify whether a slot is a leaf. This can allow a local user to read kernel memory or trigger a denial of service (invalid pointe...
CVE-2017-18204
CVE-2017-18204 affects the Linux kernel via ocfs2_setattr in fs/ocfs2/file.c, exploitable by local users to cause a denial-of-service (deadlock) when using DIO. The vulnerability exists in kernel versions before 4.14.2; Ubuntu advisories (USN 3617-3 and related) and Unity Linux advisories referen...
CVE-2018-12896
CVE-2018-12896 affects the Linux kernel up to version 4.17.3, specifically the POSIX timers path (kernel/time/posix-timers.c). An integer overflow in the overrun accounting is caused by the timer overrun values being computed with int-based accounting, which can exceed INT_MAX depending on interv...
CVE-2019-19048
CVE-2019-19048 corresponds to a memory leak in the Linux kernel’s vbg_hgcm_call() path in drivers/virt/vboxguest/vboxguest_utils.c, before 5.3.9. The leak occurs when copy_from_user() fails, enabling a denial of service via memory exhaustion. The connected Nessus advisories (Unity Linux ...
CVE-2021-47118
CVE-2021-47118: In the Linux kernel, cad_pid is initialized without taking a reference to the init task’s pid. When cad_pid is later updated via sysctl, the old pid may be put without a corresponding get, risking a use-after-free of the init task’s struct pid. The connected MiracleLinux advisory ...
CVE-2021-47455
The CVE-2021-47455 issue is a Linux kernel memory leak in ptp_clock_register. When posix_clock_register() fails, the device name allocated via dev_set_name() is never freed. The fix drops the device reference with put_device() on that error path, so the name is released by kobject_cleanup() and the remaining memory by ptp_clock_release(). The linked Nessus/Unity advisories ...
CVE-2022-21546
CVE-2022-21546 is a Linux kernel vulnerability affecting the SCSI target path. The issue arises in target_core_iblock/file when handling WRITE_SAME commands if the NDOB bit is set (NDOB indicates no data buffer) or when zero SG elements are sent. The kernel patch adds a common WRITE_SAME check fo...
CVE-2022-49275
CVE-2022-49275 affects the Linux kernel CAN subsystem (m_can). The issue is a use-after-free in can_tx_handler() related to skb handling when can_put_echo_skb() clones and frees skb. The fix moves can_put_echo_skb() for m_can 3.0.x to occur directly before hardware xmit, aligning with the 3.1.x b...
CVE-2022-49700
CVE-2022-49700 is a Linux kernel SLUB allocator bug: the fastpath in slab_alloc_node() can race with slab deactivation, allowing a mismatch where c->slab/c->freelist become inconsistent and can lead to a use-after-free or a page freeing while it still contains slab objects. The issue is tie...
CVE-2023-3338
CVE-2023-3338: A NULL pointer dereference in the Linux kernel DECnet protocol implementation could allow a remote attacker to crash the system. Connected advisories confirm the flaw is in the kernel’s DECnet code and that the mitigation was the removal of the DECnet protocol from the kernel; Debian/IBM entries note remediat...
CVE-2023-3355
CVE-2023-3355 affects the Linux kernel’s MSM GPU driver, specifically the code path in drivers/gpu/drm/msm/msm_gem_submit.c (submit_lookup_cmds). The vulnerability is a NULL pointer dereference due to a missing check of the kmalloc() return value, enabling a local user to crash the sys...
CVE-2023-52626
CVE-2023-52626 (Linux kernel) affects net/mlx5e: an operator precedence bug in the port timestamping napi_poll context. Indirection (*) binds less tightly than postfix ++, so an expression of the form *p++ advanced the pointer and then read through it, causing an out-of-bounds read. The fix dereferences first and then increments the pointed-to value. CVSS 3.1 ...
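The precedence trap is worth seeing in isolation. The block below is an added example, not the mlx5e code: it keeps a constructed array of four 64‑bit counters, applies the two spellings of "increment the counter" to the last element, and reports whether the resulting pointer still lies inside the array and whether the counter actually changed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define NCOUNTERS 4   /* constructed ring of statistics counters */

/* Buggy spelling: *p++ parses as *(p++). The pointer is advanced past the
 * counter, the old location is read and discarded, and the counter itself
 * is never incremented. Any later use of the returned pointer on the last
 * element reads one past the end of the array. */
static uint64_t *bump_wrong(uint64_t *p)
{
    (void)*p++;
    return p;
}

/* Intended spelling: (*p)++ increments the value and leaves the pointer
 * where it was. */
static uint64_t *bump_right(uint64_t *p)
{
    (*p)++;
    return p;
}

/* Apply a bump to the last counter of ctr[NCOUNTERS] and report whether the
 * pointer that comes back is still a valid element of the array. */
static bool bump_last_in_bounds(uint64_t *(*bump)(uint64_t *), uint64_t *ctr)
{
    uint64_t *p = bump(&ctr[NCOUNTERS - 1]);
    return p >= ctr && p < ctr + NCOUNTERS;
}

/* Run both variants on fresh zeroed counters and return the value of the
 * last counter afterwards (0 for the buggy form, 1 for the fixed one). */
static uint64_t last_counter_after(uint64_t *(*bump)(uint64_t *))
{
    uint64_t ctr[NCOUNTERS] = {0};
    bump(&ctr[NCOUNTERS - 1]);
    return ctr[NCOUNTERS - 1];
}

int main(void)
{
    uint64_t ctr[NCOUNTERS] = {0};
    printf("*p++ : pointer in bounds=%d, counter=%llu\n",
           bump_last_in_bounds(bump_wrong, ctr),
           (unsigned long long)last_counter_after(bump_wrong));
    printf("(*p)++: pointer in bounds=%d, counter=%llu\n",
           bump_last_in_bounds(bump_right, ctr),
           (unsigned long long)last_counter_after(bump_right));
    return 0;
}
```

Compilers accept both forms silently, which is why this class of bug survives review; the only reliable tell is that the counter never moves.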
CVE-2023-52813
CVE-2023-52813 : Linux kernel crypto: pcrypt fix hungtask for PADATA_RESET. The issue was a hung task in test_aead_vec_cfg caused by padata_do_parallel returning -EBUSY when pinst->flags included PADATA_RESET, preventing aead_request_complete() and leading to a hung wait. Connected sources des...
CVE-2023-52834
CVE-2023-52834 was resolved in the Linux kernel by addressing a DMA RX overflow in the alx/atl1c drivers. The fix replaces a custom allocator with a check on the allocated skb address and uses skb_reserve() to avoid the problematic 0x…fc0 address. The alx workaround was implemented first; the atl...
CVE-2023-52840
CVE-2023-52840 is a Linux kernel flaw in the synaptics-rmi4 driver where a use-after-free occurs in rmi_unregister_function() due to a premature dereference after put_device() calls rmi_release_function(). The fix moves the put_device() call to the end, preventing the subsequent access (fn->nu...
CVE-2023-52973
The CVE-2023-52973 issue affects the Linux kernel’s vc_screen path (vt/vc_screen.c). Root cause: a use-after-free of vc_data after console_unlock() in vcs_read(). The vc_data pointer was loaded once before the read loop, but after console_unlock() the structure can be freed by vcs_remove_sysfs(), so a later vcs_size() call used a stale pointer. The bug was fixed by moving the vc_data load to th...
CVE-2024-26651
CVE-2024-26651 concerns a Linux kernel issue where a missing check in usbnet_get_endpoints could fail to propagate an error, potentially enabling a local impact as described in the advisory. The vulnerability is tied to the usbnet_endpoints handling path, with the described fix being to add a che...
CVE-2024-26680
CVE-2024-26680—Linux kernel (net/atlantic): The issue arises in the Atlantic driver’s PTP HWTS ring. aq_ring_hwts_rx_alloc() allocates extra DMA memory for the HWTS ring, but aq_ring_free() did not account for that extra size, causing a mismatch between mapped and unmapped DMA regions (trace show...
CVE-2024-35893
CVE-2024-35893 relates to a Linux kernel net/sched kernel-infoleak via act_skbmod. tcf_skbmod_dump() copied four bytes of kernel stack to user space because struct tc_skbmod has a four‑byte padding hole that field-by-field initialization never writes. The fix clears the structure before filling its fields, so no uninitialized data...
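The hole is a consequence of the structure layout, not of any particular field value, so it can be shown in user space. The block below is an added example, not the act_skbmod code: struct tc_skbmod_like mirrors the shape of tc_skbmod (the five 32‑bit tc_gen fields followed by a 64‑bit flags word), the struct is built into storage pre-filled with 0xAA to stand in for stale stack contents, and the bytes in the padding hole are counted with and without the clearing memset that the fix adds.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Mirrors the layout of the uapi tc_gen fields followed by a __u64 flags;
 * constructed for this example, not the kernel's definition. */
struct tc_gen_like {
    uint32_t index;
    uint32_t capab;
    int32_t  action;
    int32_t  refcnt;
    int32_t  bindcnt;
};

struct tc_skbmod_like {
    struct tc_gen_like g;   /* 20 bytes */
    uint64_t flags;         /* 8-byte aligned: padding hole before it */
};

/* Size of the padding hole between the last tc_gen field and flags
 * (4 bytes on ABIs that align uint64_t to 8). */
static size_t hole_bytes(void)
{
    return offsetof(struct tc_skbmod_like, flags) - sizeof(struct tc_gen_like);
}

/* Models the dump path: every named field is assigned, but padding is only
 * written if the structure is cleared first (the fix). */
static void build_opt(struct tc_skbmod_like *opt, int clear_first)
{
    if (clear_first)
        memset(opt, 0, sizeof(*opt));   /* what the fix adds */
    opt->g.index   = 1;
    opt->g.capab   = 0;
    opt->g.action  = 3;
    opt->g.refcnt  = 1;
    opt->g.bindcnt = 1;
    opt->flags     = 0x1;
}

/* Build the struct into storage holding stale bytes (0xAA stands in for
 * earlier stack contents) and count hole bytes that would be copied out
 * to user space unchanged. */
static size_t stale_hole_bytes(int clear_first)
{
    union {
        struct tc_skbmod_like opt;
        unsigned char raw[sizeof(struct tc_skbmod_like)];
    } u;
    memset(u.raw, 0xAA, sizeof u.raw);
    build_opt(&u.opt, clear_first);

    size_t n = 0;
    for (size_t i = sizeof(struct tc_gen_like);
         i < offsetof(struct tc_skbmod_like, flags); i++)
        if (u.raw[i] != 0)
            n++;
    return n;
}

int main(void)
{
    printf("hole size: %zu bytes\n", hole_bytes());
    printf("stale bytes leaked without memset: %zu\n", stale_hole_bytes(0));
    printf("stale bytes leaked with memset:    %zu\n", stale_hole_bytes(1));
    return 0;
}
```

Designated initializers or `= {0}` zero named members but are not guaranteed to zero padding, which is why the kernel fix reaches for memset before copying a struct to user space with nla_put().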
CVE-2024-35934
The CVE-2024-35934 issue affects the Linux kernel net/smc subsystem. Affected component: smc_pnet-related code in net/smc (pnet IDs list creation). Root cause: excessive RTNL (rtnl) lock pressure during net namespace/pnet initialization, caused by smc_pnet_create_pnetids_list() acquiring rtnl in ...
CVE-2024-36000
The vulnerability CVE-2024-36000 is a Linux kernel issue where mm/hugetlb could miss acquiring hugetlb_lock during resv uncharge, particularly in a userfault context via UFFDIO_COPY. The root cause is locking criteria being overlooked in hugetlb_cgroup_uncharge_folio_rsvd(), which updates the cgr...
CVE-2024-36010
CVE-2024-36010: Linux kernel igb driver fix for string truncation warnings in igb_set_fw_version. The patch expands the adapter->fw_version buffer so that snprintf no longer triggers -Wformat-truncation warnings in igb_main.c, instead of relying on kasprintf, whose NULL return on allocation failure could otherwise lead to a NULL dereference; it also avoids exposing a...
CVE-2024-36017
CVE-2024-36017 is a vulnerability in the Linux kernel rtnetlink path: each nested IFLA_VF_VLAN_LIST attribute is assumed to carry a struct ifla_vf_vlan_info (three __u32 fields and a __be16). Validation only required NLA_HDRLEN (4 bytes) of payload, so a too-small attr...
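The difference between the two length checks is easiest to see on a constructed attribute list. The block below is an added example, not the rtnetlink code: it implements a minimal netlink attribute walker over an in-memory buffer, with struct vf_vlan_info laid out like ifla_vf_vlan_info, a constructed attribute type number, and a sample list containing one complete entry and one truncated to its first field. Rather than actually reading past the short attribute, the weak path records how many bytes a full-struct copy would have read beyond it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Minimal netlink attribute header (same shape as uapi struct nlattr). */
struct nla { uint16_t len; uint16_t type; };
#define NLA_HDRLEN 4
#define NLA_ALIGN(l) (((l) + 3U) & ~3U)
#define VF_VLAN_INFO_TYPE 1   /* constructed type number, not the uapi value */

/* Same field shape as ifla_vf_vlan_info; sizeof is 16 with tail padding. */
struct vf_vlan_info { uint32_t vf; uint32_t vlan; uint32_t qos; uint16_t vlan_proto; };

struct walk_result {
    int accepted;      /* entries treated as a full vf_vlan_info */
    int rejected;      /* entries dropped by the length check */
    size_t overread;   /* bytes a full-struct read would take past short entries */
    int error;         /* malformed framing */
};

/* Append one attribute at off, returning the next (4-byte aligned) offset. */
static size_t put_attr(unsigned char *buf, size_t off, uint16_t type,
                       const void *payload, uint16_t plen)
{
    struct nla h = { .len = (uint16_t)(NLA_HDRLEN + plen), .type = type };
    memcpy(buf + off, &h, sizeof h);
    memcpy(buf + off + NLA_HDRLEN, payload, plen);
    return off + NLA_ALIGN(NLA_HDRLEN + plen);
}

/* Walk nested attributes in buf[0..len). strict=0 models the old check
 * (payload >= NLA_HDRLEN); strict=1 requires a whole vf_vlan_info. */
static struct walk_result walk_vlan_list(const unsigned char *buf, size_t len, int strict)
{
    struct walk_result r = {0, 0, 0, 0};
    size_t off = 0;
    while (off + NLA_HDRLEN <= len) {
        struct nla h;
        memcpy(&h, buf + off, sizeof h);
        if (h.len < NLA_HDRLEN || off + h.len > len) { r.error = 1; return r; }
        size_t payload = h.len - NLA_HDRLEN;
        if (h.type == VF_VLAN_INFO_TYPE) {
            size_t need = strict ? sizeof(struct vf_vlan_info) : NLA_HDRLEN;
            if (payload < need) {
                r.rejected++;
            } else {
                r.accepted++;
                if (payload < sizeof(struct vf_vlan_info))
                    r.overread += sizeof(struct vf_vlan_info) - payload;
            }
        }
        off += NLA_ALIGN(h.len);
    }
    return r;
}

/* Constructed sample: one well-formed entry, one cut down to the vf field. */
static struct walk_result run_sample(int strict)
{
    unsigned char buf[64];
    memset(buf, 0, sizeof buf);
    struct vf_vlan_info good = { .vf = 0, .vlan = 100, .qos = 0, .vlan_proto = 0x0081 };
    uint32_t truncated_vf = 1;
    size_t off = 0;
    off = put_attr(buf, off, VF_VLAN_INFO_TYPE, &good, sizeof good);
    off = put_attr(buf, off, VF_VLAN_INFO_TYPE, &truncated_vf, sizeof truncated_vf);
    return walk_vlan_list(buf, off, strict);
}

int main(void)
{
    struct walk_result weak = run_sample(0), fixed = run_sample(1);
    printf("old check : accepted=%d rejected=%d overread=%zu\n",
           weak.accepted, weak.rejected, weak.overread);
    printf("fixed check: accepted=%d rejected=%d overread=%zu\n",
           fixed.accepted, fixed.rejected, fixed.overread);
    return 0;
}
```

In the kernel the short attribute is not skipped safely; the struct is read as if it were complete, which is the out-of-bounds access the fix closes by comparing nla_len() against the full structure size.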
CVE-2024-38608
CVE-2024-38608 – Linux kernel net/mlx5e: Fix netif state handling Root cause: In mlx5e_suspend, resources are freed only if netif_device_present() is true. During mlx5e_resume, netif state is changed (via mlx5e_nic_enable) only if reg_state == NETREG_REGISTERED. If netdev is not registered, the r...
CVE-2024-38662
CVE-2024-38662 affects the Linux kernel (BPF) where deletion from sockmap/sockhash is allowed only if the program was previously allowed to update that map. The issue arises when a BPF program attached to a tracepoint performs map_delete on these maps, triggering a locking-rule violation. The ver...
CVE-2024-39507
CVE-2024-39507 is a Linux kernel issue affecting the net/hns3 driver. The vulnerability stems from a race between link-status change handling and the RoCE driver: when the NIC reports a link status change, the RoCE driver may be uninitialized, leading to a kernel crash. The fix introduces a check...
CVE-2024-40906
The CVE-2024-40906 entry describes a Linux kernel vulnerability in the mlx5 driver where the health timer could continue after a failed teardown_hca during driver removal, risking a use-after-free that could trigger a page fault. The fix is to always stop the health monitor during driver removal,...
CVE-2024-41076
CVE-2024-41076: In the Linux kernel, NFSv4: Fix memory leak in nfs4_set_security_label. The vulnerability leaks nfs_fattr and nfs4_label each time a security xattr is set. The connected Astra/IBM bulletins reiterate this CVE as resolved; no other product/vendor/version details are provided in the...
CVE-2024-43853
CVE-2024-43853 is a Linux kernel vulnerability where a Use-After-Free could occur when reading /proc/cpuset due to a race during rebinding of the v1 root cgroup after unmount. The issue stems from rebinding top_cpuset.css.cgrp to the default root while a cached cgroup_root could still be referenc...
CVE-2024-44938
CVE-2024-44938 relates to the Linux kernel JFS code. The issue is a shift-out-of-bounds in dbDiscardAG when BLKSTOL2() returns 0 while seeking the next smaller log2 block, which can yield a negative shift exponent. The patch resolves this by exiting the loop when a negative shift is encountered. ...
CVE-2024-49927
The CVE-2024-49927 entry concerns the Linux kernel x86 IO-APIC code. The connected Astra Linux security bulletin details the vulnerability as: a failure to allocate an irq_pin_list could cause a kernel panic with the message “IO-APIC: failed to add irq-pin,” due to a panicky legacy IO/APIC path d...
CVE-2024-50106
The CVE-2024-50106 entry concerns the Linux kernel (nfsd) and describes a race between laundromat handling revoked delegations and a client issuing free_stateid, which can lead to a use-after-free of a delegation stateid if a new open finds a non-empty lease list and dereferences a freed stateid....
CVE-2024-53118
CVE-2024-53118 (Linux kernel) has been addressed by fixing a memory leak in the vsock error queue. The issue occurred because kernel MSG_ZEROCOPY completion notifications in the error queue were left uncleaned when the socket was destroyed, leading to unreferenced objects and potential leaks. The...
CVE-2024-56606
CVE-2024-56606 concerns the Linux kernel vulnerability in af_packet where, after sock_init_data() allocates a sk object and attaches it to a sock, packet_create() on error frees the sk but leaves a dangling sk pointer in the sock. This can enable a use-after-free if other code reuses that pointer...
CVE-2024-56729
CVE-2024-56729 concerns the Linux kernel’s SMB/CIFS path. The vulnerability arises from not initializing cfid->tcon before performing network operations, which can cause a leak of a tcon reference when a lease-break races with opening a cached directory. The described root cause is that cached...
CVE-2024-57885
CVE-2024-57885: In the Linux kernel, a kmemleak print operation could emit a "sleeping function called from invalid context" warning when /sys/kernel/debug/kmemleak is read under specific conditions (CONFIG_PREEMPT_RT=y, SELinux as LSM, kptr_restrict=1, kmemleak buffer non-empty). The issue arise...
CVE-2024-58083
CVE-2024-58083 affects the Linux kernel KVM: the target vCPU was not reliably verified online before clamping the index in kvm_get_vcpu(). If the index is bad, nospec clamping could return vCPU0, leading to a use‑after‑free when vCPU0 is dereferenced. The issue is mitigated by ensuring vCPU0 is o...
CVE-2025-21692
Summary: CVE-2025-21692 affects the Linux kernel net/sched ETS Qdisc, where ets_class_from_arg() can index an out-of-bounds ets_class entry when clid is 0, leading to an out-of-bounds access and potential local privilege escalation. The vulnerability is demonstrated in the provided trace and is link...